Securing the blockchain ecosystem is one of the most difficult cybersecurity challenges we face today. Blockchain itself may be secure, but that does not mean that all parts that overlap with it, such as wallets, exchanges, miners, and smart contracts, are secure – and many are not. According to a recent report, hackers stole more than $2 billion worth of cryptocurrencies in the first half of this year.
While the threat is currently primarily limited to public blockchains, the corporate sector could be next. Hackers focus their attention and efforts more on public blockchain than on corporate blockchain, and that is because of the amount of money that is being deposited into it. The weakness of the enterprise blockchain has been identified as a major threat to the security of both public and private blockchain systems.
Every new technology creates new threats, creates a new learning curve for security, and like all new technologies, it takes time for risks to emerge and how to manage them.
We are currently in the early learning phase when it comes to blockchain security, but we are still on the same curve as IoT. We are going through the same curves as Wi-Fi, and companies will have to learn that there is a huge gap between the security of the network and the activities that are being attacked. Blockchain security is an attractive target as it offers potential for privacy, anonymity, scalability, privacy and security.
One reason that this is an attractive target is that in this new landscape, cyber attackers can take a step away from paying for the day and not worry about how they can make money from the data they steal, but only steal the virtual money themselves. Although the entire blockchain system is secure, there are still places where attackers can infiltrate. Every component that interacts with the blockchain is written in code, and most software codes have flaws and vulnerabilities. In fact, the latest data shows that 85% of apps have at least one vulnerability when they are scanned for the first time. Every year trillions of lines of code are scanned, and a regular finding is that a significant number of vulnerabilities appear.
With such widespread errors, wallets, smart contracts, and exchanges could be vulnerable to hackers. For example, the smart contracts of the stock exchanges have recently revealed significant weaknesses. How can companies trust that the software that interacts with the blockchain is secure?
Cryptocurrency exchanges are an online platform where users can exchange a cryptocurrency for another cryptocurrency or a fiat currency. Depending on the exchange, it can work in different ways, such as wallets, smart contracts, exchanges and wallets.
The Mt Gox Exchange was hacked and filed for bankruptcy protection in March 2014, claiming to have lost more than 1.5 million BTC, or about $2.6 billion. BTC was worth $565 million, according to Forbes, meaning the stock market suffered a loss of $480 million at the time of the hack.
Coincheck did not suffer an attack because it stored everything in a hot wallet and used single-factor authentication. It’s like a bank keeping all its money in the bank’s drawer, but according to the Federal Reserve, it’s not.
We also saw a simple programming error in a smart contract that led to the DAO having a flaw in its smart contracts that allowed attackers to siphon off $50 million worth of airwaves. Intelligent contracts that digitally facilitate, review and enforce the negotiation and execution of a contract are not immune either.
Ultimately, it is naive to believe that transactions are secure only because we are dealing with a blockchain. What should blockchain users do to protect themselves and their blockchains? Let’s start with basic security measures: users should never reveal their unique private keys or allow two-factor authentication that adds an extra layer of security. Other sensible measures are not to publish e-mail addresses or telephone numbers online when using exchange exchanges. Cryptocurrency traders can also be warned not to boast about their cryptocurrency portfolios online.
Security must be implemented from code onwards: developing software that interacts with the blockchain and its processes is important. It is also good practice that can be widely used to ensure that all parties are aware of who is responsible for the security of their private keys and their transactions.
As with any new technology, the actors of the threat are looking for weaknesses that can increase skepticism. Blockchain offers many useful benefits, including anonymity, privacy, security, transparency, and the ability to store and process data.